support for user groups
authorPaul Hänsch <paul@plutz.net>
Fri, 1 Mar 2024 00:59:29 +0000 (01:59 +0100)
committerPaul Hänsch <paul@plutz.net>
Fri, 1 Mar 2024 00:59:29 +0000 (01:59 +0100)
acl.sh
auth/default.sh

diff --git a/acl.sh b/acl.sh
index 93cbf6471007428d68ae96ba7f443930ef278527..9e1da4c28f69aecdd61c3dae8bf67106fab54190 100755 (executable)
--- a/acl.sh
+++ b/acl.sh
@@ -66,7 +66,7 @@ acl_collect(){
 
 acl_read(){
   local page="${1:-${PATH_INFO}}"
-  local acl
+  local acl group
 
   if [ "$acl_cachepath" != "$page" ]; then
     acl_cachepath="$page"
@@ -79,21 +79,28 @@ acl_read(){
          acl="${acl%%:*}:read";;
       *) acl="${acl%%:*}:";;
     esac
+    [ "$USER_NAME" ] && case ${acl%:*} in
+      \&*|+\&*|-\&*)
+        group="${acl%%:*}" group="${group#[+-]}"
+        printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+        || continue
+        ;;
+    esac
     [ "$USER_NAME" ] && case $acl in
-       "Known:read") return 0;;
-       "Known:")     return 1;;
-      "+Known:read") return 0;;
-      "-Known:read") return 1;;
-       "@${USER_NAME}:read") return 0;;
-       "@${USER_NAME}:")      return 1;;
-      "+@{$USER_NAME}:read") return 0;;
-      "-@{$USER_NAME}:read") return 1;;
+       "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+        return 1;;
+       "@${USER_NAME}:read"|"Known:read"|"@@:read"|"&"*":read")
+        return 0;;
+      "-@{$USER_NAME}:read"|"-Known:read"|"-@@:read"|"-&"*":read")
+        return 1;;
+      "+@{$USER_NAME}:read"|"+Known:read"|"+@@:read"|"+&"*":read")
+        return 0;;
     esac
     case $acl in
-       "All:read") return 0;;
-       "All:")     return 1;;
-      "+All:read") return 0;;
-      "-All:read") return 1;;
+       "All:"|"*:")          return 1;;
+       "All:read"|"*:read")  return 0;;
+      "-All:read"|"-*:read") return 1;;
+      "+All:read"|"+*:read") return 0;;
     esac
    done <<-EOF
        ${acl_collection}
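Review bot: The per-user override patterns on the added lines `"-@{$USER_NAME}:read"` and `"+@{$USER_NAME}:read"` carry over the misplaced brace from the removed lines, so they expand to `-@{name}:read` and an ACL entry written as `-@name:read` never matches. A per-user deny is then skipped, and a later, broader rule in the collection can still grant access. Unless the ACL syntax really uses literal braces, these should read `"-@${USER_NAME}:read"` and `"+@${USER_NAME}:read"`, consistent with the `"@${USER_NAME}:read"` pattern two lines above. The same applies to the `:write` patterns in the acl_write hunk. The start of acl_read's loop and the end of the function are outside this hunk.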
@@ -103,7 +110,7 @@ acl_read(){
 
 acl_write(){
   local page="${1:-${PATH_INFO}}"
-  local acl
+  local acl group
 
   if [ "$acl_cachepath" != "$page" ]; then
     acl_cachepath="$page"
@@ -116,21 +123,28 @@ acl_write(){
          acl="${acl%%:*}:write";;
       *) acl="${acl%%:*}:";;
     esac
+    [ "$USER_NAME" ] && case ${acl%:*} in
+      \&*|+\&*|-\&*)
+        group="${acl%%:*}" group="${group#[+-]}"
+        printf '%s\n' "$USER_GROUPS" |grep -qxF "$group" \
+        || continue
+        ;;
+    esac
     [ "$USER_NAME" ] && case ${acl} in
-       "Known:write") return 0;;
-       "Known:")      return 1;;
-      "+Known:write") return 0;;
-      "-Known:write") return 1;;
-       "@${USER_NAME}:write") return 0;;
-       "@${USER_NAME}:")      return 1;;
-      "+@{$USER_NAME}:write") return 0;;
-      "-@{$USER_NAME}:write") return 1;;
+       "@${USER_NAME}:"|"Known:"|"@@:"|"&"*":")
+        return 1;;
+       "@${USER_NAME}:write"|"Known:write"|"@@:write"|"&"*":write")
+        return 0;;
+      "-@{$USER_NAME}:write"|"-Known:write"|"-@@:write"|"-&"*":write")
+        return 1;;
+      "+@{$USER_NAME}:write"|"+Known:write"|"+@@:write"|"+&"*":write")
+        return 0;;
     esac
     case $acl in
-       "All:write") return 0;;
-       "All:")      return 1;;
-      "+All:write") return 0;;
-      "-All:write") return 1;;
+       "All:"|"*:")             return 1;;
+       "All:write"|"*:write")   return 0;;
+      "-All:write"|"-*:write")  return 1;;
+      "+All:write"|"+*:write")  return 0;;
     esac
   done <<-EOF
        ${acl_collection}
index 816ad70acc1f1872a530301031c7bf218607680d..02778db798c126186d02417f619fcc981d9593bd 100644 (file)
@@ -1,3 +1,18 @@
 #!/bin/sh
 
 . "$_EXEC/cgilite/users.sh"
+
+GROUP_BASE="${GROUP_BASE:-/[wiki]/}"
+
+rgx_uname="$(printf '%s' "$USER_NAME" |sed 's;[.*+?^${}()|[\]\\];\\&;g')"
+
+USER_GROUPS="$(
+  grep -lE '^[\t ]*[-+*][\t ]+'"${rgx_uname}${CR}"'?$' "$_DATA/pages${GROUP_BASE%/}/&"*"/#page.md" \
+  | while read group; do
+    group="${group#"$_DATA/pages${GROUP_BASE%/}/"}"
+    group="${group%"/#page.md"}"
+    printf '%s\n' "$group"
+  done
+)" 2>&-
+
+export USER_GROUPS
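Review bot: The bracket expression in the `sed` call that builds `rgx_uname` closes at the first `]`, because a backslash is literal inside a POSIX bracket expression. The substitution therefore only matches a metacharacter followed by `\]`, and ordinary names pass through unescaped. A user name containing regex metacharacters (if users.sh permits them, which is not visible here) could then match list entries that are not its own and be placed in `USER_GROUPS` for groups it does not belong to. Putting `]` first fixes the class: `sed 's;[].*+?^${}()|[\\];\\&;g'`. Likewise `[\t ]` in the `grep -E` pattern is the set backslash, `t` and space rather than tab and space, so an entry such as `- tNAME` also matches user NAME; `[[:blank:]]` in both places expresses the intent.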